<?php
    /**
    * Mobile Connectors
    * Submit to change password
    * 
    * @author trungdt
    * @since Dec 10, 2012
    * @copyright ABSoft Viet Nam
    * 
    * Input
    * Required
    * - session_id
    * - password : encrypted string
    *  
    * Output
    * {
    *   status : OK | NOT_AUTHENTICATE | NOT_VALID
    * }
    * You can test the based 64 encode and decode by this website: http://www.base64encode.org/
    * Note: the password need to be encrypt in this way
    * Step 1: Password = "123abc" (for example)
    * Step 2: Revert the password. So, it will be: Password = cba321
    * Step 3: Get the based 64 code of step 2 password: then Password = Y2JhMzIx
    * Step 4: Revert the password in step 3, Password = xIzMhJ2Y
    * Step 5: Again, encode 64 bits: Password = eEl6TWhKMlk=
    * Step 6: Remove the sign = at the end of encoded password
    * Step : Repeat step 2
    */
    
    global $db;
    // include the mobile connectors
    include_once(BASE."modules/profilemodule/mobile_connector.php");

    $ret = null; // init object
    $ret->status = "NOT_VALID";

    if (isset($_POST['session_id']))
    {
        $session_id = _ab_safe_html_string($_POST['session_id']);

        // check session is still valid or not
        // all timedout session had been wiped
        $msession = $db->selectObject("profilemodule_mobilesession", "session_id = '{$session_id}'");

        if (isset($msession->id))
        {
            // session still valid, 
            profile_module_updateClientSession_last_response($session_id);
            
            $ret->status="OK";

            // we need to decode the password before update it to database
            $password = $_POST['password'];
            $password = strrev($password);
            $password = $password."=";
            $password = base64_decode($password);
            $password = strrev($password);
            $password = base64_decode($password);
            $password = strrev($password);
            
            $muser = exponent_users_getUserById($msession->user_id);
            // change pass
            exponent_users_changepass($password, $muser);
            
            $ret->status="OK";
        }
        else
        {
            $ret->status="NOT_VALID";
        }
    }

    echo json_encode($ret);
    die();
?>